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DNS Root Name Service Protocol and Deployment Requirements 
Abstract 
The DNS root name service is a critical part of the Internet 
architecture. The protocol and deployment requirements for the DNS 
root name service are defined in this document. Operational 
requirements are out of scope. 
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1. Introduction 


[RFC2870] discusses protocol and operational requirements for root 
name servers for the Internet’s domain name system (DNS) protocol 
[RFC1035]. Since its publication, both protocol and operational 
requirements have evolved. It makes more sense now to separate the 
two sets of requirements into two separate documents. This document 
only defines the protocol requirements and some deployment 
requirements. The operational requirements that were defined in RFC 
2870 have been removed. Operational requirements are now defined by 
the Root Server System Advisory Committee of ICANN and are documented 
in [RSSAC-001]. 


The root servers are authoritative servers of the unique [RFC2826] 
root zone (".") [ROOTZONE]. They currently also serve the root- 
servers.net zone. Some also serve the zone for the .arpa top-level 
domain [ARPAZONE] [RFC3172]. This document describes the external 
interface of the root name servers from a protocol viewpoint of the 
service. It specifies basic requirements for the Internet that DNS 
clients meet when interacting with a root name service over the 
public Internet. 


The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 

SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this 

document, are to be interpreted as described in BCP 14, [RFC2119]. 
1.1. Relationship to RFC 2870 


This document obsoletes [RFC2870]. 


This document and [RSSAC-001] together functionally replace 
[RFC2870]. 
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Protocol Requirements 


This section describes the minimum high-level protocol requirements. 
Operative details are documented in [RSSAC-001]. 


The root name service: 


o MUST implement core DNS [RFC1035] and clarifications to the DNS 
[RFC2181]. 


o MUST support IPv4 [RFC791] and IPv6 [RFC2460] transport of DNS 
queries and responses. 


o MUST support UDP [RFC768] and TCP [RFC793] transport of DNS 
queries and responses. 


o MUST generate checksums when sending UDP datagrams and MUST verify 
checksums when receiving UDP datagrams containing a non-zero 
checksum. 


o MUST implement DNSSEC [RFC4035] as an authoritative name service. 
o MUST implement extension mechanisms for DNS (EDNS(0)) [RFC6891]. 
Deployment Requirements 

The root name service: 


o MUST answer queries from any entity conforming to [RFC1122] witha 
valid IP address. 


o MUST serve the unique [RFC2826] root zone [ROOTZONE] . 
Security Considerations 


This document does not specify a new protocol. However, the root 
name service is a key component of the Internet architecture and play 
a key role into the overall security of the Internet [RFC2826]. 
Specific security considerations on the DNS protocols are discussed 
in their respective specifications. The security considerations on 
the operational side of the root name servers are discussed in 
[RSSAC-001]. 
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